SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   Tritanium Bulletin Board Vendors:   Tritanium Scripts
Tritanium Bulletin Board Discloses Messages to Remote Authenticated Users
SecurityTracker Alert ID:  1008073
SecurityTracker URL:  http://securitytracker.com/id/1008073
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 3 2003
Impact:   Disclosure of user information
Exploit Included:  Yes  
Version(s): 1.2.3
Description:   A vulnerability was reported in the Tritanium Bulletin Board. A remote authenticated user can view and reply to message threads for which they are not authorized.

Virginity Security reported that the software does not properly validate access rights. A remote user can use the 'reply' action to open a reply window that includes the content of the messages in the thread.

A demonstration exploit URL is provided:

http://[target]/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO READ]&forum_id=[ID OF FORUM]&sid=[your sid]

The vendor has reportedly been notified.

Impact:   A remote authenticated user can access messages in threads that the user is not authorized to access.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.tritanium-scripts.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Virginity Security Advisory 2003-002 : Tritanium Bulletin Board -




- - - --------------------------------------------------------------------
Virginity Security Advisory 2003-002
- - - --------------------------------------------------------------------
             DATE : 2003-10-31 22:59 GMT
             TYPE : remote
VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 (http://www.tritanium-scripts.com/)
           AUTHOR : Virginity
- - - --------------------------------------------------------------------


Description:

I found a security bug in Tritanium Bulletin Board:
Normal Users can read the content of Threads to which they have no access rights!
(and can answer to it which may be a problem if the internal forum has the right to insert html code)

Author of the Software has been notified.

- - - --------------------------------------------------------------------


Example:

http://[target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO READ]&forum_id=[ID OF FORUM]&sid=[your sid]

Shows the window where The Attacker can answer to the topic and below that a window with the content of the thread!!!
The Attacker can easily read all protected Threads since the thread_id is counted for every forum newly so just put from 1 on upwards
 :-)

- - - --------------------------------------------------------------------


Solution:
Hey sorry this time i had no time for a solution :-)

- - - --------------------------------------------------------------------

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC